s4-lsa: merge lsa_LookupSids/{2,3} from s3 lsa idl.

Guenther

source3/librpc/gen_ndr/lsa.h

@@ -9,8 +9,6 @@
 
 #define LSA_ENUM_TRUST_DOMAIN_MULTIPLIER	( 60 )
 #define LSA_REF_DOMAIN_LIST_MULTIPLIER	( 32 )
-#define MAX_REF_DOMAINS	( LSA_REF_DOMAIN_LIST_MULTIPLIER )
-#define MAX_LOOKUP_SIDS	( 0x5000 )
 #define LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER	( 82 )
 #define LSA_CLIENT_REVISION_NO_DNS	( 0x00000001 )
 #define LSA_CLIENT_REVISION_DNS	( 0x00000002 )

source3/librpc/idl/lsa.idl

@@ -391,8 +391,6 @@ import "misc.idl", "security.idl";
 	} lsa_TransSidArray;
 
 	const int LSA_REF_DOMAIN_LIST_MULTIPLIER = 32;
-	const int MAX_REF_DOMAINS = LSA_REF_DOMAIN_LIST_MULTIPLIER;
-
 	typedef struct {
 		[range(0,1000)] uint32 count;
 		[size_is(count)] lsa_DomainInfo *domains;
@@ -442,10 +440,7 @@ import "misc.idl", "security.idl";
 		[size_is(count)] lsa_TranslatedName *names;
 	} lsa_TransNameArray;
 
-	/* This number is based on Win2k and later maximum response allowed */
-	const int MAX_LOOKUP_SIDS = 0x5000; /* 20480 */
-
-	[public] NTSTATUS lsa_LookupSids (
+	[public] NTSTATUS lsa_LookupSids(
 		[in]         policy_handle *handle,
 		[in,ref]     lsa_SidArray *sids,
 		[out,ref]    lsa_RefDomainList **domains,

source3/passdb/lookup_sid.c

@@ -746,7 +746,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
 	}
 
 	dom_infos = TALLOC_ZERO_ARRAY(mem_ctx, struct lsa_dom_info,
-				      MAX_REF_DOMAINS);
+				      LSA_REF_DOMAIN_LIST_MULTIPLIER);
 	if (dom_infos == NULL) {
 		result = NT_STATUS_NO_MEMORY;
 		goto fail;
@@ -816,7 +816,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
 			continue;
 		}
 
-		for (j=0; j<MAX_REF_DOMAINS; j++) {
+		for (j=0; j<LSA_REF_DOMAIN_LIST_MULTIPLIER; j++) {
 			if (!dom_infos[j].valid) {
 				break;
 			}
@@ -825,7 +825,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
 			}
 		}
 
-		if (j == MAX_REF_DOMAINS) {
+		if (j == LSA_REF_DOMAIN_LIST_MULTIPLIER) {
 			/* TODO: What's the right error message here? */
 			result = NT_STATUS_NONE_MAPPED;
 			goto fail;
@@ -869,7 +869,7 @@ NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids,
 
 	/* Iterate over the domains found */
 
-	for (i=0; i<MAX_REF_DOMAINS; i++) {
+	for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
 		uint32_t *rids;
 		const char *domain_name = NULL;
 		const char **names;

source3/rpc_server/srv_lsa_nt.c

@@ -33,6 +33,8 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_RPC_SRV
 
+#define MAX_LOOKUP_SIDS 0x5000 /* 20480 */
+
 extern PRIVS privs[];
 
 struct lsa_info {
@@ -68,13 +70,13 @@ static int init_lsa_ref_domain_list(TALLOC_CTX *mem_ctx,
 		num = ref->count;
 	}
 
-	if (num >= MAX_REF_DOMAINS) {
+	if (num >= LSA_REF_DOMAIN_LIST_MULTIPLIER) {
 		/* index not found, already at maximum domain limit */
 		return -1;
 	}
 
 	ref->count = num + 1;
-	ref->max_size = MAX_REF_DOMAINS;
+	ref->max_size = LSA_REF_DOMAIN_LIST_MULTIPLIER;
 
 	ref->domains = TALLOC_REALLOC_ARRAY(mem_ctx, ref->domains,
 					    struct lsa_DomainInfo, ref->count);
@@ -725,7 +727,7 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	for (i=0; i<MAX_REF_DOMAINS; i++) {
+	for (i=0; i<LSA_REF_DOMAIN_LIST_MULTIPLIER; i++) {
 
 		if (!dom_infos[i].valid) {
 			break;

source4/libcli/util/clilsa.c

@@ -202,6 +202,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
 	struct lsa_LookupSids r;
 	struct lsa_TransNameArray names;
 	struct lsa_SidArray sids;
+	struct lsa_RefDomainList *domains = NULL;
 	uint32_t count = 1;
 	NTSTATUS status;
 	struct dom_sid *sid;
@@ -231,6 +232,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
 	r.in.count = &count;
 	r.out.count = &count;
 	r.out.names = &names;
+	r.out.domains = &domains;
 
 	status = dcerpc_lsa_LookupSids(cli->lsa->pipe, mem_ctx2, &r);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -243,7 +245,7 @@ NTSTATUS smblsa_lookup_sid(struct smbcli_state *cli,
 	}
 
 	(*name) = talloc_asprintf(mem_ctx, "%s\\%s", 
-				  r.out.domains->domains[0].name.string,
+				  domains->domains[0].name.string,
 				  names.names[0].name.string);
 
 	talloc_free(mem_ctx2);

source4/librpc/idl/lsa.idl

@@ -440,13 +440,13 @@ import "misc.idl", "security.idl";
 		[size_is(count)] lsa_TranslatedName *names;
 	} lsa_TransNameArray;
 
-	[public] NTSTATUS lsa_LookupSids (
+	[public] NTSTATUS lsa_LookupSids(
 		[in]         policy_handle *handle,
-		[in]         lsa_SidArray *sids,
-		[out,unique]        lsa_RefDomainList *domains,
-		[in,out]     lsa_TransNameArray *names,
+		[in,ref]     lsa_SidArray *sids,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransNameArray *names,
 		[in]         uint16 level,
-		[in,out] uint32 *count
+		[in,out,ref] uint32 *count
 		);
 
 
@@ -1013,11 +1013,11 @@ import "misc.idl", "security.idl";
 
 	[public] NTSTATUS lsa_LookupSids2(
 		[in]     policy_handle *handle,
-		[in]     lsa_SidArray *sids,
-		[out,unique]        lsa_RefDomainList *domains,
-		[in,out] lsa_TransNameArray2 *names,
+		[in,ref] lsa_SidArray *sids,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransNameArray2 *names,
 		[in]         uint16 level,
-		[in,out] uint32 *count,
+		[in,out,ref] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
 		);
@@ -1175,11 +1175,11 @@ import "misc.idl", "security.idl";
 	/* Function 0x4c */
 
 	[public] NTSTATUS lsa_LookupSids3(
-		[in]         lsa_SidArray *sids,
-		[out,unique] lsa_RefDomainList *domains,
-		[in,out]     lsa_TransNameArray2 *names,
+		[in,ref]     lsa_SidArray *sids,
+		[out,ref]    lsa_RefDomainList **domains,
+		[in,out,ref] lsa_TransNameArray2 *names,
 		[in]         uint16 level,
-		[in,out]     uint32 *count,
+		[in,out,ref] uint32 *count,
 		[in]         uint32 unknown1,
 		[in]         uint32 unknown2
 		);

source4/rpc_server/lsa/lsa_lookup.c

@@ -522,6 +522,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 				struct lsa_LookupSids2 *r)
 {
 	struct lsa_policy_state *state;
+	struct lsa_RefDomainList *domains = NULL;
 	int i;
 	NTSTATUS status = NT_STATUS_OK;
 
@@ -530,7 +531,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	r->out.domains = NULL;
+	*r->out.domains = NULL;
 
 	/* NOTE: the WSPP test suite tries SIDs with invalid revision numbers,
 	   and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as 
@@ -543,10 +544,11 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 		return status;
 	}
 
-	r->out.domains = talloc_zero(mem_ctx,  struct lsa_RefDomainList);
-	if (r->out.domains == NULL) {
+	domains = talloc_zero(r->out.domains,  struct lsa_RefDomainList);
+	if (domains == NULL) {
 		return NT_STATUS_NO_MEMORY;
 	}
+	*r->out.domains = domains;
 
 	r->out.names = talloc_zero(mem_ctx,  struct lsa_TransNameArray2);
 	if (r->out.names == NULL) {
@@ -592,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 		/* set up the authority table */
 		status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, 
 						    authority_name, sid, 
-						    r->out.domains, &sid_index);
+						    domains, &sid_index);
 		if (!NT_STATUS_IS_OK(status2)) {
 			continue;
 		}
@@ -604,7 +606,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call,
 
 		(*r->out.count)++;
 	}
-	
+
 	if (*r->out.count == 0) {
 		return NT_STATUS_NONE_MAPPED;
 	}
@@ -660,6 +662,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call,
 	r2.in.unknown2 = r->in.unknown2;
 	r2.out.count   = r->out.count;
 	r2.out.names   = r->out.names;
+	r2.out.domains = r->out.domains;
 
 	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
 
@@ -692,6 +695,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m
 	r2.in.unknown2 = 0;
 	r2.out.count   = r->out.count;
 	r2.out.names   = NULL;
+	r2.out.domains = r->out.domains;
 
 	status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2);
 	/* we deliberately don't check for error from the above,

source4/torture/ndr/lsa.c

@@ -1014,11 +1014,12 @@ static const uint8_t lsarlookupsids_out_data[] = {
 static bool lsarlookupsids_out_check(struct torture_context *tctx, 
 									 struct lsa_LookupSids *r)
 {
-	torture_assert(tctx, r->out.domains != NULL, "domains");
-	torture_assert_int_equal(tctx, r->out.domains->count, 1, "domains count");
-	torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-	torture_assert(tctx, r->out.domains->domains != NULL, "domains domains");
-	torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "BUILTIN", "name");
+	struct lsa_RefDomainList *domains = *(r->out.domains);
+	torture_assert(tctx, domains != NULL, "domains");
+	torture_assert_int_equal(tctx, domains->count, 1, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert(tctx, domains->domains != NULL, "domains domains");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "BUILTIN", "name");
 	torture_assert_ntstatus_ok(tctx, r->out.result, "return code");
 	return true;
 }
@@ -1474,12 +1475,13 @@ static const uint8_t lsarlookupsids2_out_data[] = {
 static bool lsarlookupsids2_out_check(struct torture_context *tctx, 
 									 struct lsa_LookupSids2 *r)
 {
+	struct lsa_RefDomainList *domains = *(r->out.domains);
 	/* FIXME: Handle */
 	torture_assert(tctx, r->out.names != NULL, "names ptr");
 	torture_assert(tctx, r->out.domains != NULL, "domains ptr");
-	torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
-	torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-	torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+	torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
 	torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
 	torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
 	torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");
@@ -1749,12 +1751,13 @@ static const uint8_t lsarlookupsids3_out_data[] = {
 static bool lsarlookupsids3_out_check(struct torture_context *tctx, 
 				      struct lsa_LookupSids3 *r)
 {
+	struct lsa_RefDomainList *domains = *(r->out.domains);
 	/* FIXME: Handle */
 	torture_assert(tctx, r->out.names != NULL, "names ptr");
 	torture_assert(tctx, r->out.domains != NULL, "domains ptr");
-	torture_assert_int_equal(tctx, r->out.domains->count, 4, "domains count");
-	torture_assert_int_equal(tctx, r->out.domains->max_size, 32, "domains size");
-	torture_assert_str_equal(tctx, r->out.domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
+	torture_assert_int_equal(tctx, domains->count, 4, "domains count");
+	torture_assert_int_equal(tctx, domains->max_size, 32, "domains size");
+	torture_assert_str_equal(tctx, domains->domains[0].name.string, "NT AUTHORITY", "trust info name");
 	torture_assert_int_equal(tctx, r->out.names->count, 7, "names count");
 	torture_assert_str_equal(tctx, r->out.names->names[0].name.string, "Account Operators", "name str 1");
 	torture_assert_str_equal(tctx, r->out.names->names[1].name.string, "Administrators", "name str 2");

source4/torture/rpc/lsa.c

@@ -449,6 +449,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
 {
 	struct lsa_LookupSids r;
 	struct lsa_TransNameArray names;
+	struct lsa_RefDomainList *domains = NULL;
 	uint32_t count = sids->num_sids;
 	NTSTATUS status;
 
@@ -464,6 +465,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p,
 	r.in.count = &count;
 	r.out.count = &count;
 	r.out.names = &names;
+	r.out.domains = &domains;
 
 	status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -488,6 +490,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
 {
 	struct lsa_LookupSids2 r;
 	struct lsa_TransNameArray2 names;
+	struct lsa_RefDomainList *domains = NULL;
 	uint32_t count = sids->num_sids;
 	NTSTATUS status;
 
@@ -505,6 +508,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p,
 	r.in.unknown2 = 0;
 	r.out.count = &count;
 	r.out.names = &names;
+	r.out.domains = &domains;
 
 	status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
 	if (!NT_STATUS_IS_OK(status)) {
@@ -531,6 +535,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
 {
 	struct lsa_LookupSids3 r;
 	struct lsa_TransNameArray2 names;
+	struct lsa_RefDomainList *domains = NULL;
 	uint32_t count = sids->num_sids;
 	NTSTATUS status;
 
@@ -545,6 +550,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p,
 	r.in.count = &count;
 	r.in.unknown1 = 0;
 	r.in.unknown2 = 0;
+	r.out.domains = &domains;
 	r.out.count = &count;
 	r.out.names = &names;
 
@@ -594,6 +600,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 	if (handle) {
 		struct lsa_LookupSids r;
 		struct lsa_TransNameArray names;
+		struct lsa_RefDomainList *domains = NULL;
 		names.count = 0;
 		names.names = NULL;
 
@@ -604,6 +611,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 		r.in.count = &names.count;
 		r.out.count = &count;
 		r.out.names = &names;
+		r.out.domains = &domains;
 		
 		status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -619,6 +627,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 	} else if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
 		   p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
 		struct lsa_LookupSids3 r;
+		struct lsa_RefDomainList *domains = NULL;
 		struct lsa_TransNameArray2 names;
 
 		names.count = 0;
@@ -634,6 +643,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 		r.in.unknown2 = 0;
 		r.out.count = &count;
 		r.out.names = &names;
+		r.out.domains = &domains;
 		
 		status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
 		if (!NT_STATUS_IS_OK(status)) {
@@ -683,6 +693,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
 	uint32_t *count;
 	struct lsa_TransNameArray *names;
 	struct lsa_LookupSids *r;
+	struct lsa_RefDomainList *domains = NULL;
 	struct rpc_request **req;
 	int i, replies;
 	bool ret = true;
@@ -714,6 +725,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p,
 		r[i].in.count = &names[i].count;
 		r[i].out.count = &count[i];
 		r[i].out.names = &names[i];
+		r[i].out.domains = &domains;
 		
 		req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);
 		if (req[i] == NULL) {

source4/winbind/wb_async_helpers.c

@@ -41,6 +41,7 @@ struct lsa_lookupsids_state {
 	struct lsa_LookupSids r;
 	struct lsa_SidArray sids;
 	struct lsa_TransNameArray names;
+	struct lsa_RefDomainList *domains;
 	uint32_t count;
 	struct wb_sid_object **result;
 };
@@ -76,6 +77,9 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
 		if (state->sids.sids[i].sid == NULL) goto failed;
 	}
 
+	state->domains = talloc(state, struct lsa_RefDomainList);
+	if (state->domains == NULL) goto failed;
+
 	state->count = 0;
 	state->num_sids = num_sids;
 	state->names.count = 0;
@@ -88,6 +92,7 @@ struct composite_context *wb_lsa_lookupsids_send(TALLOC_CTX *mem_ctx,
 	state->r.in.count = &state->count;
 	state->r.out.names = &state->names;
 	state->r.out.count = &state->count;
+	state->r.out.domains = &state->domains;
 
 	req = dcerpc_lsa_LookupSids_send(lsa_pipe, state, &state->r);
 	if (req == NULL) goto failed;
@@ -125,6 +130,8 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
 		struct lsa_TranslatedName *name =
 			&state->r.out.names->names[i];
 		struct lsa_DomainInfo *dom;
+		struct lsa_RefDomainList *domains =
+			state->domains;
 
 		state->result[i] = talloc_zero(state->result,
 					       struct wb_sid_object);
@@ -135,13 +142,13 @@ static void lsa_lookupsids_recv_names(struct rpc_request *req)
 			continue;
 		}
 
-		if (name->sid_index >= state->r.out.domains->count) {
+		if (name->sid_index >= domains->count) {
 			composite_error(state->ctx,
 					NT_STATUS_INVALID_PARAMETER);
 			return;
 		}
 
-		dom = &state->r.out.domains->domains[name->sid_index];
+		dom = &domains->domains[name->sid_index];
 		state->result[i]->domain = talloc_reference(state->result[i],
 							    dom->name.string);
 		if ((name->sid_type == SID_NAME_DOMAIN) ||